I have a bind9 named running on the 4.x stable branch, and have noticed
that it seems to be sending udp packets to 127.0.0.2:52 about once
every 10 seconds or so (ipfw is denying and logging the traffic).
Google has not shed any light on the subject.
127.0.0.2 is often returned by RBLs, when an address is blocked
(a.k.a. listed as spam source):
Quoth the previous URL (mail-abuse.org):
The theory of operation is simple. Given a host address in its
dotted-quad form, reverse the octets and check for the existence of an
``A RR'' at that node under the blackholes.mail-abuse.org node. So if
you get an SMTP session from [18.104.22.168] you would check for the
22.214.171.124.blackholes.mail-abuse.org. IN A 127.0.0.2
We chose to use an ``A RR'' because that's what Sendmail makes easy to
do. The choice of [127.0.0.2] as the target address was arbitary but
will not change. As it happens, we supply a bogus MAPS RBLSM entry for
[127.0.0.2] so that mail transport developers have something to test
If an ``A RR'' is found by this mechanism, then there will also be a
``TXT RR'' at the same DNS node. The text of this record will be
suitable for use as a reason text for a bounced mail notification.
Currently the text is constant and currently there is no way to use it
from Sendmail, but there it is anyway.
Perhaps you have a mail filter installed, which queries one of those
RBLs, and then tries to do a reverse DNS lookup for 127.0.0.2?
I've grepped all through /etc/, and have found no references to
127.0.0.2, and I certainly don't remember configuring anything (ever)
with that particular address.
What could be the cause of this mysterious bind behavior?
Cordula's Web. http://www.cordula.ws/
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to [EMAIL PROTECTED]